Java security: hostile applets, holes&antidotes
Java security: hostile applets, holes&antidotes
Designing distributed applications with mobile code paradigms
ICSE '97 Proceedings of the 19th international conference on Software engineering
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Program fragments, linking, and modularization
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The security of static typing with dynamic linking
Proceedings of the 4th ACM conference on Computer and communications security
Techniques for trusted software engineering
Proceedings of the 20th international conference on Software engineering
Certification of programs for secure information flow
Communications of the ACM
Java Virtual Machine Specification
Java Virtual Machine Specification
The Java Language Specification
The Java Language Specification
A Type-Based Approach to Program Security
TAPSOFT '97 Proceedings of the 7th International Joint Conference CAAP/FASE on Theory and Practice of Software Development
A formal specification of Java class loading
OOPSLA '00 Proceedings of the 15th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Formalizing the safety of Java, the Java virtual machine, and Java card
ACM Computing Surveys (CSUR)
Formalization and Analysis of Class Loading in Java
Higher-Order and Symbolic Computation
An Active Network Approach to Support Multimedia Relays
IDMS/PROMS 2002 Proceedings of the Joint International Workshops on Interactive Distributed Multimedia Systems and Protocols for Multimedia Systems: Protocols and Systems for Interactive Distributed Multimedia
An Abstract Model of Java Dynamic Linking and Loading
TIC '00 Selected papers from the Third International Workshop on Types in Compilation
Evaluation of two security schemes for mobile agents
ACM SIGCOMM Computer Communication Review - Workshop on data communication in Latin America and the Caribbean
Proof linking: distributed verification of java classfiles in the presence of multiple classloaders
JVM'01 Proceedings of the 2001 Symposium on JavaTM Virtual Machine Research and Technology Symposium - Volume 1
| Hi-index | 0.00 |
Security flaws are routinely discovered in commercial implementations of mobile code systems such as the Java Virtual Machine (JVM). Typical architectures for such systems exhibit complex interdependencies between the loader, the verifier, and the linker, making them difficult to craft, validate, and maintain. This reveals a software engineering challenge that is common to all mobile code systems in which a static verification phase is introduced before dynamic linking. In such systems, one has to articulate how loading, verification, and linking interact with each other, and how the three processes should be organized to address various security issues.We propose a standard architecture for crafting mobile code verifiers, based on the concept of proof linking. This architecture modularizes the verification process and isolates the dependencies among the loader, verifier, and linker. We also formalize the process of proof linking and establish properties to which correct implementations must conform. As an example, we instantiate our architecture for the problem of Java bytecode verification and assess the correctness of this instantiation. Finally, we briefly discuss alternative mobile code verification architectures enabled by our modularization.